Using Google Accounts for Authentication and Google APIs in Compute Engine

The Google App Engine standard environment allows easy integration with Google accounts for user authentication, Cloud Datastore and with APIs such as Gmail API, Google Calendar etc.
Are these same features available in Compute Engine also? I mean can I deploy a web application in a Tomcat container in a Compute Engine VM and use Google Accounts for authentication, Cloud Datastore for persistence and APIs such as Google Plus and Google Calendar for reading users' personal information?
I found this URL that says Cloud Datastore can be used from Compute Engine but could not find similar documentation about usage of Google Accounts for authentication and usage of APIs like Google Plus and Google Calendar.

Yes you can.
You can use all Google APIs (Gmail API, Google Calendar etc.) from Tomcat and from any other web container. You simply need to provide the credential to connect to the Google APIs. Here is how you can obtain the credential in a server-side web application; please note that the documentation is not referring to any specific web container.
App Engine provides out of the box a simpler way to authenticate Google users through the UserServiceFactory. This service is not available outside the App Engine environment because it comes with the App Engine SDK.
In order to use the Google Cloud Datastore from outside of the App Engine environment you need to use the Remote API. With this API you will be able to access the Datastore service.

Related

Add Google Cloud service account to Google Play Console Api Access

Is it possible to add a Google Cloud service account json done with a different gmail account to a Google Play console api access with a different gmail account?
Google Cloud service account (gmail1) -> Google Play Api Access (gmail2)
I want to use an already existing cloud platform profile, only thing is I created Google Play console profile with another gmail, is it possible to manually add the json?
https://play.google.com/console/u/0/developers/7136348775757715460/api-access
Can't do it from here...

How to allow authenticated Identity Platform user to upload to Cloud Storage from web

I am not able to use Firebase Storage; however, I am using Identity Platform (firebase auth). Once a user is logged in to my web application, I would like them to be able to upload to a Cloud Storage bucket. The current way I am thinking about doing this is by having a Cloud Function which first uses the firebase admin library to verify the token of the user and then generates a signed-url for the upload.
Is this the correct method for doing this?
Google Cloud Identity Platform uses the same SDKs and most of the same back-end as Firebase Authentication. The main difference is in the set of features it supports, and its pricing model.
If your project is set up for using Cloud Identity Platform, you can still use the Firebase SDKs for Cloud Storage to upload, and use Firebase's server-side security rules to control read/write access for it. A common security model to get started with is content-owner only access.

How to Authenticate users in Azure AD to a custom web app deployed in Google cloud run?

I have experience in integrating AWS cognito with Azure AD (SSO). But I don't know how to implement similar authentication in GCP.
I want to authenticate the users in Azure AD to use the custom web app deployed in Google cloud run.
I see three options in GCP, but I couldn't find any resource to implement.
Google cloud identity
Google cloud identity platform
Firebase Authentication
This custom web app should only authenticate the Azure AD users in our organization.
Google Cloud Identity Platform and Firebase Authentication are effectively the same thing. There are a few additional features in GCIP.
To set up GCIP for Microsoft users, here's a link to the docs.
If you're using Cloud Function for Firebase, you can use a Callable Function to get the authenticated user, then handle your own authorisation.
If you want to use Cloud Run, then you can use the Firebase Admin SDK (even with GCIP) to verify the token and get the user ID (which you can then use to authorise the user via a database or with Custom Claims).
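The token check that both the Cloud Function approach and the Cloud Run answer above rely on, written out as an added example (not part of the original posts and not the Firebase Admin SDK's own code). It applies the documented ID-token rules (RS256, known `kid`, `aud`, `iss`, `exp`, `iat`, `sub`) and then a provider check as the authorisation step; `demo-project`, `sample-kid` and the key pair are constructed for the example, and the caller is assumed to supply the issuer's public keys.

```javascript
const crypto = require('crypto');

const decodePart = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// keys: { kid: public key } for the token issuer; the caller supplies them (assumption).
function verifyIdToken(token, projectId, keys, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, sig] = parts;
  const header = decodePart(h);
  // Pin the algorithm so the token cannot pick it (alg=none, HS256 confusion).
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const key = Object.prototype.hasOwnProperty.call(keys, header.kid) ? keys[header.kid] : null;
  if (!key) throw new Error('unknown kid');
  const sigOk = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), key, Buffer.from(sig, 'base64url'));
  if (!sigOk) throw new Error('bad signature');
  const c = decodePart(p); // claims are trusted only after the signature check
  if (c.aud !== projectId) throw new Error('wrong audience');
  if (c.iss !== `https://securetoken.google.com/${projectId}`) throw new Error('wrong issuer');
  if (typeof c.exp !== 'number' || c.exp <= nowSec) throw new Error('expired');
  if (typeof c.iat !== 'number' || c.iat > nowSec) throw new Error('issued in the future');
  if (typeof c.sub !== 'string' || c.sub === '') throw new Error('missing sub');
  return c;
}

// Authorisation after authentication: accept only one sign-in provider.
function requireProvider(claims, providerId) {
  const got = claims.firebase && claims.firebase.sign_in_provider;
  if (got !== providerId) throw new Error('provider not allowed');
  return claims.sub; // the user ID to look up in your own database
}

// Constructed sample material: a throwaway key pair and locally minted tokens.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
function mintSample(claims, header = { alg: 'RS256', kid: 'sample-kid', typ: 'JWT' }) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const input = `${enc(header)}.${enc(claims)}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input), privateKey);
  return `${input}.${sig.toString('base64url')}`;
}

const demoNow = Math.floor(Date.now() / 1000);
const demoToken = mintSample({
  iss: 'https://securetoken.google.com/demo-project', aud: 'demo-project', sub: 'uid-123',
  iat: demoNow - 60, exp: demoNow + 3600, firebase: { sign_in_provider: 'microsoft.com' },
});
const demoClaims = verifyIdToken(demoToken, 'demo-project', { 'sample-kid': publicKey });
console.log(requireProvider(demoClaims, 'microsoft.com'));
```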

How to set up an api for the IBM cloud services to access a node-red dashboard

I would like to set up OAuth access for a node-red deployed on bluemix and access a multiuser dashboard. I think it should be done via the IBM Cloud Function API and use IBM Cloud App ID to protect it with the IBM Cloud API Gateway. That said, there's no way to connect those gateway functions to the dashboard webpages through bluemix that I can see. Has this use of node-red been done?
Note I am not trying to provide access to node-red flows only secure the Dashboard pages created with the multi-user node.
I have a multi-user multi-session dashboard running but there are no current nodes to secure this - or flows that offer this functionality - I'm not even sure you could build OAuth using flows. Perhaps a dedicated node that is built to provide ...perhaps fussing with bluemix-settings.js
I've researched Node-red capacity especially when deployed in IBM cloud and this is adequate. Node-red provides easy to provision cloudant access as well as dashboard functionality that I want to embed in a consumer mobile app.
So the point is to provide oauth for the public access of the dashboard and to protect the cloudant endpoints. As well as keep the functionality in the cloud rather than in the mobile app.
This is preferably a code-less solution.
Can you provide more information on dashboards? What do you mean by Dashboard pages created with the multi-user node?
There are node-red OAuth2.0 and OIDC plugins that can be integrated into the flows to secure them.
https://www.npmjs.com/package/node-red-contrib-openid
https://www.npmjs.com/package/node-red-contrib-auth-oidc
https://www.npmjs.com/package/node-red-contrib-simple-oauth2

Which Google API's can be accessed using the access-token obtained using Google Service Account

Referring to the document https://developers.google.com/accounts/docs/OAuth2ServiceAccount, I was able to obtain an access-token. The above-mentioned document doesn't provide any details regarding the APIs that can be accessed using a Service Account. Can anyone list the APIs which can be accessed using an access-token obtained from a Google service account?
Unfortunately, we don't have an exhaustive list of the support in this area. In general, you should be able to access a Google API if that API does not require the user to do something in a web interface to configure their account before doing API access. Service Accounts can't log in. So if the service needs some interactive input from a user on a Google website, often their APIs will not work with Service Accounts. Hope this helps.